Crooks attacked banks and processors hundreds of millions of times, according to ThreatMetrix, which paints a picture of a massive fraud network that's starting to rival actual segments of the payments industry in scope.
San Jose, Calif.-based ThreatMetrix stopped 130 million attacks in real time on its network during the first quarter of 2017, representing a 35% increase over the previous year. But there also were at least 200 million "fraud attempts" that are categorized more as probing actions, like a criminal casing a house to determine the best ways to get in, said Vanita Pandey, vice president of product marketing at ThreatMetrix.
"This is definitely huge growth in the number of attacks compared to last year," Pandey said.
The company analyzed close to two billion transactions globally per month during the first quarter of this year, with more than 45% of those originating from mobile devices, according to its 2017 1st Quarter Cybercrime Report. Growth in attacks outpaced overall transaction growth by 50%, clearly demonstrating the heightened risk levels, the report said.
"When you look at all of the attacks, you have to think of each of those as possibly stealing someone's identity to launch attacks against those people without their knowledge," said Alisdair Faulkner, chief products officer at ThreatMetrix.
Because the real attacks and fraud probes are not the same as the more widely known data breaches at the retail network level, many go unreported in the industry, Faulkner said.
"These types of attacks are effectively killing us all by 1,000 cuts because they go largely unreported," Faulkner added. "But to us, this is a significant thing. To highlight this, we believe we have the only report that is calling out the consequences of the rising malware and cyberattack technology."
The first quarter report confirms a trend that ThreatMetrix monitored in 2016 — that mobile is becoming the playground and hiding place for cyberattacks and those who orchestrate them. Even more so than hiding behind web sites, fraudsters are now infiltrating or using application identifiers to create more havoc with mobile.
Of those 45% of transactions coming from mobile devices, more than 53% were new account creations — an entry spot that fraudsters are increasingly setting up shop to either steal an account, or create their own with a previously stolen identity or payment card.
Overall, the statistic that stands out in confirming what banks and merchants are dealing with in today's digital world is the attack growth outpacing transaction growth by 50%, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
"This echoes many of my conversations with the financial institutions and merchants who have been feeling the brunt of this attack increase," Conroy said.
The increase in identity fraud resulting from these attacks also is consistent with other research. Identity spoofing rose to nearly 50% of attacks as a top attack vector of the 130 million ThreatMetrix stopped in real-time.
"We recently fielded a survey of over 80 U.S. financial institutions, and the majority of large banks highlighted rising identity fraud as a key challenge," Conroy added.
The U.S. remained the most attractive target because of its high transaction density, and higher mobile deployment at 43% of transactions, resulting in more mobile transactions for purchases, account creations and account logins. Plus, the average e-commerce ticket size in the U.S. was $270.
The U.K. or Canada was the second most attractive target, depending on the origin of the attack, the report noted.
The quarter also saw a high level of attacks on e-commerce, with more than 80 million rejected transactions, a 45% decrease over the previous year.
Another reality the ThreatMetrix report and others like it confirms is cyber criminals aren't exactly discouraged when fraud prevention tools thwart their attacks. They have so many other irons in the fire, they "don't crawl up into a fetal position because of a rejection, they simply move onto the next attack vector" be it device spoofing, Internet protocol spoofing or fake chat bots, Pandey said.
"We can't think about fraud and cybercrime only taking place at big companies or big banks," Pandey added. "Fraudsters are going everywhere now, so much so that some companies spend a lot of money building a loyal customer base, but what they could potentially have is a loyal fraudster base."
That sort of scenario plays itself out in fraudsters creating new accounts through a fake identity from stolen credentials, and then letting that account sit for a period of time before making a move to steal large sums of money or making huge purchases.
There is some good news in the fight against cyberattacks, beyond the fact that ThreatMetrix was able to thwart 130 million attacks.
"Years ago, people didn't want to talk about the fact they were being attacked by fraudsters and some of their customers were having problems," Pandey said. "Now we are seeing they are open to talking about it."
Over time, many are realizing that a few layers of in-house fraud protection probably isn't enough to keep data safe, she added. "The underlying fact is that cybercrime is well organized," Pandey said. "It takes a network to fight a network because knowledge sharing is very important."